DeFi Conic Finance protocol was broken, 1700 ETH was stolen

Decentralized Finance Protocol (DeFi) Conic Finance said on Friday that one of its omnipools was compromised by a vulnerability that allowed an attacker to take 1700 ethers (ETH), which is more than $3.6 million at current exchange rates.

The root cause of the attack, according to BlockSec, was price manipulation caused by a “read-only re-entry.” Re-entry is a common defect that allows attackers to trick a smart contract by repeatedly invoking the protocol to obtain money. A challenge is a request to interact with the user’s wallet address from the smart contract address.

Users can now deposit tokens into Conic Finance’s Omnipools, a new product that increases payouts while diversifying risk in the Curve ecosystem. Omnipools were launched on March 1. Shortly after the launch, the protocol raised millions of dollars in investment, which indicates a huge demand for such a product.

Each omnipool distributes the liquidity of a single asset across different Curve pools. To maximize the earning potential from Curve Rewards (CRV), all Curve Liquidity Provider (LP) tokens are staked on Convex. Both Conic (CNC), Conic’s own token, and Convex (CNX), another token in the Curve ecosystem, are rewarded.

Conic Finance engineers said they are still investigating the cause of the exploit and are communicating with the relevant parties.The programmers also said they have disabled the problematic pool that allegedly made the attack possible. “We have disabled ETH Omnipool deposits on the Conic front-end,” they said.

Share on social media
About Crypto
About Crypto

About Crypto is a platform that creates always useful, high-quality and up-to-date content for you. We will help you to understand all the subtleties of the cryptocurrency world and always be aware of important events. Learn, improve and succeed with us.

Articles: 455